

C# <allow verbs="POST"> and <deny verbs>?

Posted on 2007-10-20
Medium Priority
Last Modified: 2008-02-07
Hi there,
I used <allow verbs="POST"> and <deny verbs="GET"> in my web.config to prevent GET methods being used in the application. However, the authorisation didn't work properly. I was wondering how allow verbs and deny verbs are implemented. Does the implementation only check the first word of the HTTP request?

2) Interestingly, I used Burp Proxy to catch the request and manually change the GET request to a POST request. However, what I did notice is that when I printed Response.Write(Request.RequestType.ToString()); even after I changed the GET request to a POST request manually (e.g. there is no word GET in the request), it still printed "GET". Any idea why this is the case?
Question by: kecoak

Accepted Solution

surajguptha earned 2000 total points
ID: 20117020
>>Response.Write(Request.RequestType.ToString()); even after I changed the GET request to POST request manually e.g there is no word GET request. It still printed as "GET". Any idea why this is the case?

I think that when you changed the GET call to a POST call using the Burp proxy, the method by which the object was passed might have been a GET method; that's why it says the request type is GET.
Try sending explicit GET/POST requests instead of changing it using the proxy.
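
On the first part of the question, an added configuration example (constructed here, not taken from the asker's web.config or from the answer above): ASP.NET URL authorization evaluates the rules top to bottom and applies the first one that matches the request's verb and user, so a request matching neither rule falls through to the inherited default. It assumes `users="*"`, since `allow` and `deny` each need a `users` or `roles` attribute and the question's snippet shows neither.

```xml
<!-- Added example, constructed for illustration. -->
<configuration>
  <system.web>
    <authorization>
      <!-- Form described in the question (shown commented out):
             <allow verbs="POST" users="*" />
             <deny  verbs="GET"  users="*" />
           Only GET is denied. A request with any other verb, HEAD for
           example, matches neither rule and falls through to the default
           <allow users="*" /> inherited from the machine-level
           configuration. -->

      <!-- Stricter form: allow POST explicitly, then deny everything
           that did not match the rule above, whatever its verb. -->
      <allow verbs="POST" users="*" />
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>
```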
